Configure API access
The Token Server offers several APIs to integrate Token Server processes with existing systems. Access to the APIs can be managed via API clients. Per API client a client id and client secret can be configured. In the communication with the APIs the basic authentication header should be used. Where the client id is the username and the client secret is the password.
The API clients can be configured in the admin console: Configuration > System > API clients.
Per API client can be specified which API(s) can be accessed. This gives the opportunity to provide external systems using the Token Server APIs only access to a certain function. Currently the access can be granted to the following APIs:
- Admin API
- Insights: communication between Onegini Insights and the Token Server to retrieve statistics data.
- End user
- Mobile authentication
- Payload encryption policy: communication between the Onegini Security Proxy and the Token Server to exchange payload encryption settings.
- Token introspection
- User registration:
On top of basic authentication via API clients we advise to create an IP white list for the
/oauth/api endpoint, so only selected machines in the
corporate network have access to these APIs.